1 #include "../globals.h"
3 #include "../oscam-lock.h"
4 #include "../oscam-string.h"
6 #include "protocol_t0.h"
8 #include "ifd_phoenix.h"
9 #include "../oscam-time.h"
10 #ifdef READER_NAGRA_MERLIN
11 #include "../cscrypt/fast_aes.h"
12 #include "../cscrypt/sha256.h"
13 #include "../cscrypt/mdc2.h"
14 #include "../cscrypt/idea.h"
20 // Default T0/T14 settings
22 // Default T1 settings
23 #define DEFAULT_IFSC 32
24 #define MAX_IFSC 251 // Cannot send > 255 buffer
25 #define DEFAULT_CWI 13
29 #define PPS_MAX_LENGTH 6
30 #define PPS_HAS_PPS1(block) ((block[1] & 0x10) == 0x10)
31 #define PPS_HAS_PPS2(block) ((block[1] & 0x20) == 0x20)
32 #define PPS_HAS_PPS3(block) ((block[1] & 0x40) == 0x40)
34 static uint16_t tempfi
; // used to capture FI and use it for rounding or not
35 static void ICC_Async_InvertBuffer(struct s_reader
*reader
, uint32_t size
, unsigned char *buffer
);
36 static int32_t Parse_ATR(struct s_reader
*reader
, ATR
*atr
, uint16_t deprecated
);
37 static int32_t PPS_Exchange(struct s_reader
*reader
, unsigned char *params
, uint32_t *length
);
38 static uint32_t PPS_GetLength(unsigned char *block
);
39 static int32_t InitCard(struct s_reader
*reader
, ATR
*atr
, unsigned char FI
, uint32_t D
, unsigned char N
, uint16_t deprecated
);
40 static uint32_t ETU_to_us(struct s_reader
*reader
, uint32_t ETU
);
41 static unsigned char PPS_GetPCK(unsigned char *block
, uint32_t length
);
42 static int32_t SetRightParity(struct s_reader
*reader
);
44 #ifdef READER_NAGRA_MERLIN
45 static void calculate_cak7_vars(struct s_reader
*reader
, const ATR
*atr
)
48 const uint8_t aes_iv
[] = { 0x4E, 0x61, 0x67, 0x72, 0x61, 0x63, 0x61, 0x72, 0x64, 0x28, 0x63, 0x29, 0x32, 0x30, 0x30, 0x36 }; // Nagracard(c)2006
49 mbedtls_sha256_context ctx_sha256
;
50 mbedtls_sha256_init(&ctx_sha256
);
51 mbedtls_sha256_starts(&ctx_sha256
, 0);
52 mbedtls_sha256_update(&ctx_sha256
, atr
->hb
, atr
->hbn
);
53 mbedtls_sha256_finish(&ctx_sha256
, aes_key
);
54 mbedtls_sha256_free(&ctx_sha256
);
55 memcpy(reader
->cak7_aes_key
,aes_key
,32);
56 memcpy(reader
->cak7_aes_iv
,aes_iv
,16);
58 rdr_log(reader
, "Initial AES: %s", cs_hexdump(1, reader
->cak7_aes_key
+ 16, 16, tmp
, sizeof(tmp
)));
61 void calculate_cak7_cmd(struct s_reader
*reader
, uint8_t *cmdin
,uint8_t cmdlen
,uint8_t *cmdout
)
63 uint32_t crc
= ccitt32_crc(cmdin
+4, cmdlen
-4);
64 i2b_buf(4, crc
, cmdin
);
66 AesCtxIni(&ctx
, reader
->cak7_aes_iv
, &reader
->cak7_aes_key
[16], KEY128
, CBC
);
67 AesEncrypt(&ctx
, cmdin
, cmdout
, cmdlen
);
70 void do_cak7_cmd(struct s_reader
*reader
,unsigned char *cta_res
, uint16_t *p_cta_lr
,uint8_t *data
,uint8_t inlen
,uint8_t resplen
)
74 uint8_t req
[inlen
+5+1]; // +head+len
75 memset(req
,0x00,sizeof(req
));
79 if(reader
->protocol_type
== ATR_PROTOCOL_TYPE_T0
)
87 req
[sizeof(req
)-1]=resplen
;
88 data
[4]=(reader
->cak7_seq
>>16)&0xFF;
89 data
[5]=(reader
->cak7_seq
>>8)&0xFF;
90 data
[6]=(reader
->cak7_seq
)&0xFF;
91 rdr_log_dump_dbg(reader
, D_READER
, data
, inlen
, "preparing data for writing to cardreader");
92 calculate_cak7_cmd(reader
,data
,inlen
,&req
[5]);
93 rdr_log_dump_dbg(reader
, D_READER
, req
, sizeof(req
), "write to cardreader");
94 if(!ICC_Async_CardWrite(reader
, req
, sizeof(req
), cta_res
, p_cta_lr
))
96 if(reader
->protocol_type
== ATR_PROTOCOL_TYPE_T0
)
98 if(cta_res
[*p_cta_lr
- 2] == 0x61)
100 uint8_t resp
[] = {0x00,0xC0,0x00,0x00,0x00};
101 memcpy(resp
+ 4,&cta_res
[*p_cta_lr
- 1],1);
102 if(!ICC_Async_CardWrite(reader
, resp
, sizeof(resp
), cta_res
, p_cta_lr
))
105 AesCtxIni(&ctx
, reader
->cak7_aes_iv
, &reader
->cak7_aes_key
[16], KEY128
, CBC
);
106 AesDecrypt(&ctx
, cta_res
, cta_res
, *p_cta_lr
-2);
113 else if(cta_res
[*p_cta_lr
- 2] == 0x6F && cta_res
[*p_cta_lr
- 1] == 0x01)
115 rdr_log(reader
, "card answered 6F01 - trying one more time");
116 if(!ICC_Async_CardWrite(reader
, req
, sizeof(req
), cta_res
, p_cta_lr
))
118 if(cta_res
[*p_cta_lr
- 2] == 0x61)
120 uint8_t resp
[] = {0x00,0xC0,0x00,0x00,0x00};
121 memcpy(resp
+ 4,&cta_res
[*p_cta_lr
- 1],1);
122 if(!ICC_Async_CardWrite(reader
, resp
, sizeof(resp
), cta_res
, p_cta_lr
))
125 AesCtxIni(&ctx
, reader
->cak7_aes_iv
, &reader
->cak7_aes_key
[16], KEY128
, CBC
);
126 AesDecrypt(&ctx
, cta_res
, cta_res
, *p_cta_lr
-2);
133 else if(cta_res
[*p_cta_lr
- 2] == 0x6F && cta_res
[*p_cta_lr
- 1] == 0x01)
135 rdr_log(reader
, "card needs reinit");
146 if(cta_res
[*p_cta_lr
- 2] == 0x6F && cta_res
[*p_cta_lr
- 1] == 0x01)
148 rdr_log(reader
, "card answered 6F01 - trying one more time");
149 if(!ICC_Async_CardWrite(reader
, req
, sizeof(req
), cta_res
, p_cta_lr
))
151 if(cta_res
[*p_cta_lr
- 2] == 0x6F && cta_res
[*p_cta_lr
- 1] == 0x01)
153 rdr_log(reader
, "card needs reinit");
158 AesCtxIni(&ctx
, reader
->cak7_aes_iv
, &reader
->cak7_aes_key
[16], KEY128
, CBC
);
159 AesDecrypt(&ctx
, cta_res
, cta_res
, *p_cta_lr
-2);
170 AesCtxIni(&ctx
, reader
->cak7_aes_iv
, &reader
->cak7_aes_key
[16], KEY128
, CBC
);
171 AesDecrypt(&ctx
, cta_res
, cta_res
, *p_cta_lr
-2);
181 static void calculate_changerom_cmd(struct s_reader
*reader
, const ATR
*atr
, uint8_t *cmd
)
183 uint8_t cmd_data
[] = { 0xCC, 0xCC, 0xCC, 0xCC, 0x00, 0x00, 0x01, 0x01, 0x01, 0x95, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC };
184 calculate_cak7_vars(reader
,atr
);
185 calculate_cak7_cmd(reader
,cmd_data
,sizeof(cmd_data
),cmd
);
189 int32_t ICC_Async_Device_Init(struct s_reader
*reader
)
191 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
192 if (!crdr_ops
) return ERROR
;
194 rdr_log_dbg(reader
, D_IFD
, "Opening device %s", reader
->device
);
196 int32_t ret
= crdr_ops
->reader_init(reader
);
199 rdr_log_dbg(reader
, D_IFD
, "Device %s successfully opened", reader
->device
);
203 if(reader
->typ
!= R_SC8in1
)
205 NULLFREE(reader
->crdr_data
);
207 rdr_log_dbg(reader
, D_IFD
, "ERROR: Can't open %s device", reader
->device
);
212 int32_t ICC_Async_Init_Locks(void)
214 // Init device specific locks here, called from init thread
215 // before reader threads are running
216 struct s_reader
*rdr
;
217 LL_ITER itr
= ll_iter_create(configured_readers
);
218 while((rdr
= ll_iter_next(&itr
)))
220 const struct s_cardreader
*crdr_ops
= rdr
->crdr
;
221 if (!crdr_ops
|| !crdr_ops
->lock_init
) continue;
222 crdr_ops
->lock_init(rdr
);
227 int32_t ICC_Async_GetStatus(struct s_reader
*reader
, int32_t *card
)
229 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
234 if (reader
->typ
== R_SMART
&& reader
->smartdev_found
>= 4)
236 reader
->statuscnt
= reader
->statuscnt
+ 1;
237 if (reader
->statuscnt
== 6)
240 call(crdr_ops
->get_status(reader
, &in
));
243 reader
->modemstat
= 1;
245 reader
->statuscnt
= 0;
249 reader
->modemstat
= 0;
251 reader
->statuscnt
= 0;
257 *card
= reader
->modemstat
;
264 call(crdr_ops
->get_status(reader
, &in
));
278 int32_t ICC_Async_Activate(struct s_reader
*reader
, ATR
*atr
, uint16_t deprecated
)
280 rdr_log_dbg(reader
, D_IFD
, "Activating card");
281 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
282 if (!crdr_ops
) return ERROR
;
283 reader
->current_baudrate
= DEFAULT_BAUDRATE
;
284 if(reader
->atr
[0] != 0 && !reader
->ins7e11_fast_reset
)
286 rdr_log(reader
, "Using ATR from reader config");
287 ATR_InitFromArray(atr
, reader
->atr
, ATR_MAX_SIZE
);
291 reader
->crdr_flush
= crdr_ops
->flush
; // Flush flag may be changed for each reader
292 call(crdr_ops
->activate(reader
, atr
));
293 if(crdr_ops
->skip_extra_atr_parsing
)
299 uint8_t atrarr
[ATR_MAX_SIZE
];
301 ATR_GetRaw(atr
, atrarr
, &atr_size
);
302 char tmp
[atr_size
* 3 + 1];
303 rdr_log(reader
, "ATR: %s", cs_hexdump(1, atrarr
, atr_size
, tmp
, sizeof(tmp
)));
304 memcpy(reader
->card_atr
, atrarr
, atr_size
);
305 reader
->card_atr_length
= atr_size
;
307 // Get ICC reader->convention
308 if(ATR_GetConvention(atr
, &(reader
->convention
)) != ATR_OK
)
310 rdr_log(reader
, "ERROR: Could not read reader->convention");
311 reader
->convention
= 0;
312 reader
->protocol_type
= 0;
315 reader
->protocol_type
= ATR_PROTOCOL_TYPE_T0
;
317 // Parse_ATR and InitCard need to be included in lock because they change parity of serial port
320 crdr_ops
->lock(reader
);
322 int32_t ret
= Parse_ATR(reader
, atr
, deprecated
);
325 crdr_ops
->unlock(reader
);
329 rdr_log(reader
, "ERROR: Parse_ATR returned error");
333 reader
->cak7type
= 0;
334 #ifdef READER_NAGRA_MERLIN
336 ATR_GetRaw(atr
, atrarr
, &atr_size
);
338 if((memcmp(atrarr
+ 8, "DNASP40", 7) == 0) || (memcmp(atrarr
+ 11, "DNASP41", 7) == 0) || (memcmp(atrarr
+ 11, "DNASP48", 7) == 0))
340 rdr_log(reader
, "card needs reset before init");
342 call(crdr_ops
->activate(reader
, atr
)); //try to read the atr of this layer
343 ATR_GetRaw(atr
, atrarr
, &atr_size
);
344 rdr_log(reader
,"ATR: %s", cs_hexdump(1, atrarr
, atr_size
, tmp
, sizeof(tmp
)));
345 // Parse_ATR and InitCard need to be included in lock because they change parity of serial port
348 crdr_ops
->lock(reader
);
350 int32_t ret1
= Parse_ATR(reader
, atr
, deprecated
);
353 crdr_ops
->unlock(reader
);
357 rdr_log(reader
, "ERROR: Parse_ATR returned error");
362 if((memcmp(atrarr
+ 8, "DNASP4", 6) == 0) || (memcmp(atrarr
+ 11, "DNASP4", 6) == 0))
364 rdr_log(reader
, "detected card in CAK7 mode");
365 calculate_cak7_vars(reader
, atr
);
366 reader
->cak7type
= 1;
368 else if(((memcmp(atrarr
+ 7, "pp", 2) == 0 && ((atrarr
[9]&0x0F) >= 10)) || (memcmp(atrarr
+ 11, "DNASP18", 7) == 0) || (memcmp(atrarr
+ 11, "DNASP19", 7) == 0) || (memcmp(atrarr
+ 11, "DNASP1A", 7) == 0)) && reader
->cak7_mode
)
370 rdr_log(reader
, "detected card in CAK6/Seca mode -> try switch to Nagra CAK7");
371 uint8_t changerom_handshake
[22];
372 memset(changerom_handshake
, 0x00, 22);
374 calculate_changerom_cmd(reader
, atr
, &changerom_handshake
[5]);
375 memset(reader
->rom
, 0, 15);
376 unsigned char cta_res
[CTA_RES_LEN
];
377 memset(cta_res
, 0, CTA_RES_LEN
);
380 changerom_handshake
[0] = 0x80;
381 changerom_handshake
[1] = 0xCA;
382 changerom_handshake
[4] = 0x11; // 0x11: length of data we will send
383 uint8_t cta_res1_ok
= 0x61;
384 uint8_t cta_res2_ok
= 0x10;
386 if(reader
->protocol_type
!= ATR_PROTOCOL_TYPE_T0
)
388 //changerom_handshake[0] = 0x80; // fix for mipsel router
389 changerom_handshake
[4] = 0x10; // 0x10: length of data we will send
394 changerom_handshake
[21] = 0x10;
396 reader
->cak7type
= 1;
397 if(!ICC_Async_CardWrite(reader
, changerom_handshake
, sizeof(changerom_handshake
), cta_res
, &cta_lr
))
399 if(cta_res
[cta_lr
-2] == cta_res1_ok
&& cta_res
[cta_lr
-1] == cta_res2_ok
)
401 rdr_log(reader
, "switch nagra layer OK");
403 call(crdr_ops
->activate(reader
, atr
)); //try to read the atr of this layer
404 ATR_GetRaw(atr
, atrarr
, &atr_size
);
405 rdr_log(reader
,"ATR: %s", cs_hexdump(1, atrarr
, atr_size
, tmp
, sizeof(tmp
)));
406 calculate_cak7_vars(reader
, atr
);
407 if(reader
->protocol_type
== ATR_PROTOCOL_TYPE_T0
)
409 reader
->cak7type
= 3;
413 reader
->cak7type
= 1;
418 crdr_ops
->lock(reader
);
420 int32_t ret2
= Parse_ATR(reader
, atr
, deprecated
);
423 crdr_ops
->unlock(reader
);
427 rdr_log(reader
, "ERROR: Parse_ATR returned error");
433 rdr_log(reader
,"Switch to nagra layer failed!");
439 rdr_log(reader
,"Switch to nagra layer command failed!");
442 memcpy(reader
->card_atr
, atrarr
, atr_size
);
443 reader
->card_atr_length
= atr_size
;
444 memcpy(reader
->rom
, atr
->hb
, (atr
->hbn
>15)?15:atr
->hbn
); // get historical bytes from atr
447 rdr_log_dbg(reader
, D_READER
, "Card successfully activated");
452 int32_t ICC_Async_CardWrite(struct s_reader
*reader
, unsigned char *command
, uint16_t command_len
, unsigned char *rsp
, uint16_t *lr
)
454 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
455 if (!crdr_ops
) return ERROR
;
457 *lr
= 0; //will be returned in case of error
458 if(crdr_ops
->card_write
)
460 call(crdr_ops
->card_write(reader
, command
, rsp
, lr
, command_len
));
461 rdr_log_dump_dbg(reader
, D_READER
, rsp
, *lr
, "Answer from cardreader:");
466 crdr_ops
->lock(reader
);
474 rdr_log(reader
, "Warning: needed try nr %i, next ECM has some delay", try);
477 switch(reader
->protocol_type
)
479 case ATR_PROTOCOL_TYPE_T0
:
480 ret
= Protocol_T0_Command(reader
, command
, command_len
, rsp
, lr
);
483 case ATR_PROTOCOL_TYPE_T1
:
484 ret
= Protocol_T1_Command(reader
, command
, command_len
, rsp
, lr
);
486 if(ret
!= OK
&& !crdr_ops
->skip_t1_command_retries
&& reader
->cak7type
== 0)
489 rdr_log(reader
, "Resync error: readtimeouts %d/%d (max/min) us, writetimeouts %d/%d (max/min) us", reader
->maxreadtimeout
, reader
->minreadtimeout
, reader
->maxwritetimeout
, reader
->minwritetimeout
);
490 unsigned char resync
[] = { 0x21, 0xC0, 0x00, 0xE1 };
491 ret
= Protocol_T1_Command(reader
, resync
, sizeof(resync
), rsp
, lr
);
494 //reader->ifsc = DEFAULT_IFSC; // tryfix cardtimeouts: ifsc is setup at card init, on resync it should not return to default_ifsc
495 rdr_log(reader
, "T1 Resync command successful ifsc = %i", reader
->ifsc
);
500 rdr_log(reader
, "T1 Resync command error, trying to reactivate!");
502 ICC_Async_Activate(reader
, &atr
, reader
->deprecated
);
505 crdr_ops
->unlock(reader
);
511 case ATR_PROTOCOL_TYPE_T14
:
512 ret
= Protocol_T14_ExchangeTPDU(reader
, command
, command_len
, rsp
, lr
);
516 rdr_log(reader
, "ERROR: Unknown protocol type %i", reader
->protocol_type
);
517 type
= 99; // use 99 for unknown.
522 while((try < 3) && (ret
!= OK
) && (((type
== 0 || type
== 1) && reader
->cak7type
== 0) || type
== 14)); // always do one retry when failing
525 crdr_ops
->unlock(reader
);
529 rdr_log_dbg(reader
, D_TRACE
, "ERROR: Protocol_T%d_Command returns error", type
);
532 rdr_log_dump_dbg(reader
, D_READER
, rsp
, *lr
, "Answer from cardreader:");
536 int32_t ICC_Async_GetTimings(struct s_reader
*reader
, uint32_t wait_etu
)
538 int32_t timeout
= ETU_to_us(reader
, wait_etu
);
539 rdr_log_dbg(reader
, D_IFD
, "Setting timeout to %i ETU (%d us)", wait_etu
, timeout
);
543 int32_t ICC_Async_Transmit(struct s_reader
*reader
, uint32_t size
, uint32_t expectedlen
, unsigned char *data
, uint32_t delay
, uint32_t timeout
)
545 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
546 if (!crdr_ops
) return ERROR
;
550 rdr_log_dbg(reader
, D_IFD
, "Transmit size %d bytes, expected len %d bytes, delay %d us, timeout=%d us", size
, expectedlen
, delay
, timeout
);
554 rdr_log_dbg(reader
, D_IFD
, "Transmit size %d bytes, delay %d us, timeout=%d us", size
, delay
, timeout
);
556 rdr_log_dump_dbg(reader
, D_IFD
, data
, size
, "Transmit:");
557 unsigned char *sent
= data
;
558 if(reader
->convention
== ATR_CONVENTION_INVERSE
&& crdr_ops
->need_inverse
)
560 ICC_Async_InvertBuffer(reader
, size
, sent
);
562 call(crdr_ops
->transmit(reader
, sent
, size
, expectedlen
, delay
, timeout
));
563 rdr_log_dbg(reader
, D_IFD
, "Transmit successful");
564 if(reader
->convention
== ATR_CONVENTION_INVERSE
&& crdr_ops
->need_inverse
)
566 // revert inversion cause the code in protocol_t0 is accessing buffer after transmit
567 ICC_Async_InvertBuffer(reader
, size
, sent
);
572 int32_t ICC_Async_Receive(struct s_reader
*reader
, uint32_t size
, unsigned char *data
, uint32_t delay
, uint32_t timeout
)
574 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
575 if (!crdr_ops
) return ERROR
;
577 rdr_log_dbg(reader
, D_IFD
, "Receive size %d bytes, delay %d us, timeout=%d us", size
, delay
, timeout
);
578 call(crdr_ops
->receive(reader
, data
, size
, delay
, timeout
));
579 rdr_log_dbg(reader
, D_IFD
, "Receive successful");
580 if(reader
->convention
== ATR_CONVENTION_INVERSE
&& crdr_ops
->need_inverse
== 1)
582 ICC_Async_InvertBuffer(reader
, size
, data
);
587 int32_t ICC_Async_Close(struct s_reader
*reader
)
589 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
590 if (!crdr_ops
) return ERROR
;
591 rdr_log_dbg(reader
, D_IFD
, "Closing device %s", reader
->device
);
592 call(crdr_ops
->close(reader
));
593 if(reader
->typ
!= R_SC8in1
)
595 NULLFREE(reader
->crdr_data
);
596 NULLFREE(reader
->csystem_data
);
598 rdr_log_dbg(reader
, D_IFD
, "Device %s successfully closed", reader
->device
);
602 void ICC_Async_DisplayMsg(struct s_reader
*reader
, char *msg
)
604 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
605 if (!crdr_ops
|| !crdr_ops
->display_msg
)
609 crdr_ops
->display_msg(reader
, msg
);
612 int32_t ICC_Async_Reset(struct s_reader
*reader
, struct s_ATR
*atr
, int32_t (*rdr_activate_card
)(struct s_reader
*, struct s_ATR
*, uint16_t deprecated
), int32_t (*rdr_get_cardsystem
)(struct s_reader
*, struct s_ATR
*))
614 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
615 if (!crdr_ops
|| !crdr_ops
->do_reset
)
619 return crdr_ops
->do_reset(reader
, atr
, rdr_activate_card
, rdr_get_cardsystem
);
622 static uint32_t ICC_Async_GetClockRate(int32_t cardmhz
)
628 return (372L * 9600L);
630 return (384L * 9600L);
632 return (cardmhz
* 10000L);
636 static int32_t ICC_Async_GetPLL_Divider(struct s_reader
*reader
)
638 if(reader
->divider
!= 0)
640 return reader
->divider
;
642 if(reader
->cardmhz
!= 8300) // Check dreambox is not DM7025
645 divider
= ((float) reader
->cardmhz
) / ((float) reader
->mhz
);
646 if (tempfi
== 9) reader
->divider
= (int32_t) divider
; // some card's runs only when slightly oveclocked like HD02
649 reader
->divider
= (int32_t) divider
;
650 if(divider
> reader
->divider
)
652 reader
->divider
++; // to prevent over clocking, ceil (round up) the divider
655 rdr_log_dbg(reader
, D_DEVICE
, "PLL maxmhz = %.2f, wanted mhz = %.2f, divider used = %d, actualcardclock=%.2f", (float) reader
->cardmhz
/ 100, (float) reader
->mhz
/ 100, reader
->divider
, (float) reader
->cardmhz
/ reader
->divider
/ 100);
656 reader
->mhz
= reader
->cardmhz
/ reader
->divider
;
658 else // STB is DM7025
660 int32_t i
, dm7025_clock_freq
[] = {518, 461, 395, 360, 319, 296, 267, 244, 230, 212, 197}, dm7025_PLL_setting
[] = {6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, t_cardmhz
= reader
->mhz
;
661 for(i
= 0; i
< 11; i
++)
662 if(t_cardmhz
>= dm7025_clock_freq
[i
])
670 reader
->mhz
= dm7025_clock_freq
[i
];
671 reader
->divider
= dm7025_PLL_setting
[i
]; /*Nicer way of codeing is: reader->divider = i + 6;*/
672 rdr_log_dbg(reader
, D_DEVICE
, "DM7025 PLL maxmhz = %.2f, wanted mhz = %.2f, PLL setting used = %d, actualcardclock=%.2f", (float) reader
->cardmhz
/ 100, (float) t_cardmhz
/ 100, reader
->divider
, (float) reader
->mhz
/ 100);
674 return reader
->divider
;
677 static void ICC_Async_InvertBuffer(struct s_reader
*reader
, uint32_t size
, unsigned char *buffer
)
680 rdr_log_dbg(reader
, D_IFD
, "%s: size=%u buf[0]=%02x", __func__
, size
, buffer
[0]);
681 for(i
= 0; i
< size
; i
++)
683 buffer
[i
] = ~(INVERT_BYTE(buffer
[i
]));
687 static int32_t Parse_ATR(struct s_reader
*reader
, ATR
*atr
, uint16_t deprecated
)
689 unsigned char FI
= ATR_DEFAULT_FI
;
690 uint32_t D
= ATR_DEFAULT_D
;
691 uint32_t N
= ATR_DEFAULT_N
;
695 int32_t numprot
= atr
->pn
;
696 //if there is a trailing TD, this number is one too high
698 if(ATR_GetInterfaceByte(atr
, numprot
- 1, ATR_INTERFACE_BYTE_TD
, &tx
) == ATR_OK
)
705 bool OffersT
[3]; //T14 stored as T2
706 for(i
= 0; i
<= 2; i
++)
710 for(i
= 1; i
<= numprot
; i
++)
713 if(ATR_GetInterfaceByte(atr
, i
, ATR_INTERFACE_BYTE_TA
, &tx
) == ATR_OK
)
715 snprintf((char *)txt
+ point
, sizeof(txt
) - point
, "TA%i=%02X ", i
, tx
);
718 if(ATR_GetInterfaceByte(atr
, i
, ATR_INTERFACE_BYTE_TB
, &tx
) == ATR_OK
)
720 snprintf((char *)txt
+ point
, sizeof(txt
) - point
, "TB%i=%02X ", i
, tx
);
723 if(ATR_GetInterfaceByte(atr
, i
, ATR_INTERFACE_BYTE_TC
, &tx
) == ATR_OK
)
725 snprintf((char *)txt
+ point
, sizeof(txt
) - point
, "TC%i=%02X ", i
, tx
);
728 if(ATR_GetInterfaceByte(atr
, i
, ATR_INTERFACE_BYTE_TD
, &tx
) == ATR_OK
)
730 snprintf((char *)txt
+ point
, sizeof(txt
) - point
, "TD%i=%02X ", i
, tx
);
733 snprintf((char *)txt
+ point
, sizeof(txt
) - point
, "(T%i)", tx
);
745 snprintf((char *)txt
+ point
, sizeof(txt
) - point
, "no TD%i means T0", i
);
748 rdr_log_dbg(reader
, D_ATR
, "%s", txt
);
751 int32_t numprottype
= 0;
752 for(i
= 0; i
<= 2; i
++)
757 rdr_log_dbg(reader
, D_ATR
, "%i protocol types detected. Historical bytes: %s", numprottype
, cs_hexdump(1, atr
->hb
, atr
->hbn
, tmp
, sizeof(tmp
)));
759 ATR_GetParameter(atr
, ATR_PARAMETER_N
, &(N
));
760 ATR_GetProtocolType(atr
, 1, &(reader
->protocol_type
)); // get protocol from TD1
763 bool SpecificMode
= (ATR_GetInterfaceByte(atr
, 2, ATR_INTERFACE_BYTE_TA
, &TA2
) == ATR_OK
); // if TA2 present, specific mode, else negotiable mode
766 reader
->protocol_type
= TA2
& 0x0F;
767 if((TA2
& 0x10) != 0x10) // bit 5 set to 0 means F and D explicitly defined in interface characters
770 if(ATR_GetInterfaceByte(atr
, 1, ATR_INTERFACE_BYTE_TA
, &TA1
) == ATR_OK
)
773 ATR_GetParameter(atr
, ATR_PARAMETER_D
, &(D
));
783 rdr_log(reader
, "Specific mode: speed 'implicitly defined', not sure how to proceed, assuming default values");
787 uint32_t F
= atr_f_table
[FI
];
788 rdr_log_dbg(reader
, D_ATR
, "Specific mode: T%i, F=%d, D=%d, N=%d", reader
->protocol_type
, F
, D
, N
);
790 else // negotiable mode
793 reader
->read_timeout
= 1000000; // in us
794 bool PPS_success
= 0;
795 bool NeedsPTS
= ((reader
->protocol_type
!= ATR_PROTOCOL_TYPE_T14
) && (numprottype
> 1 || (atr
->ib
[0][ATR_INTERFACE_BYTE_TA
].present
== 1 && atr
->ib
[0][ATR_INTERFACE_BYTE_TA
].value
!= 0x11) || N
== 255)); //needs PTS according to old ISO 7816
796 if(NeedsPTS
&& deprecated
== 0)
798 // PTSS PTS0 PTS1 PCK
799 unsigned char req
[6] = { 0xFF, 0x10, 0x00, 0x00 }; //we currently do not support PTS2, standard guardtimes or PTS3,
800 //but spare 2 bytes in arrayif card responds with it
801 req
[1] = 0x10 | reader
->protocol_type
; //PTS0 always flags PTS1 to be sent always
802 if(ATR_GetInterfaceByte(atr
, 1, ATR_INTERFACE_BYTE_TA
, &req
[2]) != ATR_OK
) //PTS1
804 req
[2] = 0x11; // defaults FI and DI to 1
807 call(SetRightParity(reader
));
808 ret
= PPS_Exchange(reader
, req
, &len
);
812 unsigned char DI
= req
[2] & 0x0F;
814 uint32_t F
= atr_f_table
[FI
];
816 rdr_log_dbg(reader
, D_ATR
, "PTS successful, selected protocol: T%i, F=%d, D=%d, N=%d", reader
->protocol_type
, F
, D
, N
);
820 rdr_log_dump_dbg(reader
, D_ATR
, req
, len
, "PTS Failure, response:");
824 //When for SCI, T14 protocol, TA1 is obeyed, this goes OK for mosts devices, but somehow on DM7025 Sky S02 card goes wrong when setting ETU (ok on DM800/DM8000)
825 if(!PPS_success
) // last PPS not successful
828 if(ATR_GetInterfaceByte(atr
, 1, ATR_INTERFACE_BYTE_TA
, &TA1
) == ATR_OK
)
831 ATR_GetParameter(atr
, ATR_PARAMETER_D
, &(D
));
833 else // do not obey TA1
840 if((D
== 32) || (D
== 12) || (D
== 20)) //those values were RFU in old table
842 D
= 0; // viaccess cards that fail PTS need this
845 uint32_t F
= atr_f_table
[FI
];
846 rdr_log_dbg(reader
, D_ATR
, "No PTS %s, selected protocol T%i, F=%d, D=%d, N=%d", NeedsPTS
? "happened" : "needed", reader
->protocol_type
, F
, D
, N
);
848 }//end negotiable mode
850 //make sure no zero values
851 uint32_t F
= atr_f_table
[FI
];
855 rdr_log(reader
, "Warning: F=0 is invalid, forcing FI=%d", FI
);
860 rdr_log(reader
, "Warning: D=0 is invalid, forcing D=%d", D
);
862 rdr_log_dbg(reader
, D_ATR
, "Init card protocol T%i, FI=%d, F=%d, D=%d, N=%d", reader
->protocol_type
, FI
, F
, D
, N
);
865 return InitCard(reader
, atr
, FI
, D
, N
, deprecated
);
869 return InitCard(reader
, atr
, ATR_DEFAULT_FI
, ATR_DEFAULT_D
, N
, deprecated
);
873 static int32_t PPS_Exchange(struct s_reader
*reader
, unsigned char *params
, uint32_t *length
)
875 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
876 if (!crdr_ops
) return ERROR
;
878 unsigned char confirm
[PPS_MAX_LENGTH
];
879 uint32_t len_request
, len_confirm
;
883 len_request
= PPS_GetLength(params
);
884 params
[len_request
- 1] = PPS_GetPCK(params
, len_request
- 1);
885 rdr_log_dbg(reader
, D_IFD
, "PTS: Sending request: %s", cs_hexdump(1, params
, len_request
, tmp
, sizeof(tmp
)));
887 if(crdr_ops
->set_protocol
)
889 ret
= crdr_ops
->set_protocol(reader
, params
, length
, len_request
);
894 call(ICC_Async_Transmit(reader
, len_request
, len_request
, params
, 0, 1000000));
897 call(ICC_Async_Receive(reader
, 2, confirm
, 0, 1000000));
898 len_confirm
= PPS_GetLength(confirm
);
899 call(ICC_Async_Receive(reader
, len_confirm
- 2, confirm
+ 2, 0, 1000000));
901 rdr_log_dbg(reader
, D_IFD
, "PTS: Receiving confirm: %s", cs_hexdump(1, confirm
, len_confirm
, tmp
, sizeof(tmp
)));
902 if((len_request
!= len_confirm
) || (memcmp(params
, confirm
, len_request
)))
911 // Copy PPS handshake
912 memcpy(params
, confirm
, len_confirm
);
913 (*length
) = len_confirm
;
917 static uint32_t PPS_GetLength(unsigned char *block
)
921 if(PPS_HAS_PPS1(block
))
926 if(PPS_HAS_PPS2(block
))
931 if(PPS_HAS_PPS3(block
))
939 static uint32_t ETU_to_us(struct s_reader
*reader
, uint32_t ETU
)
941 return (uint32_t)((double) ETU
* reader
->worketu
); // in us
944 static int32_t ICC_Async_SetParity(struct s_reader
*reader
, uint16_t parity
)
946 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
947 if (!crdr_ops
) return ERROR
;
949 if(crdr_ops
->set_parity
)
951 rdr_log_dbg(reader
, D_IFD
, "Setting right parity");
952 call(crdr_ops
->set_parity(reader
, parity
));
957 static int32_t SetRightParity(struct s_reader
*reader
)
959 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
960 if (!crdr_ops
) return ERROR
;
963 uint16_t parity
= PARITY_EVEN
;
964 if(reader
->convention
== ATR_CONVENTION_INVERSE
)
968 else if(reader
->protocol_type
== ATR_PROTOCOL_TYPE_T14
)
970 parity
= PARITY_NONE
;
973 call(ICC_Async_SetParity(reader
, parity
));
975 if(crdr_ops
->flush
&& reader
->crdr_flush
)
977 IO_Serial_Flush(reader
);
983 static int32_t InitCard(struct s_reader
*reader
, ATR
*atr
, unsigned char FI
, uint32_t D
, unsigned char N
, uint16_t deprecated
)
985 const struct s_cardreader
*crdr_ops
= reader
->crdr
;
986 if (!crdr_ops
) return ERROR
;
988 uint32_t I
, F
, Fi
, BGT
= 0, edc
, GT
= 0, WWT
= 0, EGT
= 0;
989 unsigned char wi
= 0;
991 // set the amps and the volts according to ATR
992 if(ATR_GetParameter(atr
, ATR_PARAMETER_I
, &I
) != ATR_OK
)
999 // set clock speed to max if internal reader
1000 if(crdr_ops
->max_clock_speed
== 1 && reader
->typ
== R_INTERNAL
)
1002 if(reader
->autospeed
== 1) //no overclocking
1004 reader
->mhz
= atr_fs_table
[FI
] / 10000; // we are going to clock the card to this nominal frequency
1007 if(reader
->cardmhz
> 2000 && reader
->autospeed
== 1) // -1 replaced by autospeed parameter is magic number pll internal reader set cardmhz according to optimal atr speed
1009 reader
->mhz
= atr_fs_table
[FI
] / 10000 ;
1010 if((!strncmp(boxtype_get(), "vu", 2 ))||(boxtype_is("ini-8000am")))
1017 if(reader
->cardmhz
> 2000)
1019 reader
->divider
= 0; // reset pll divider so divider will be set calculated again.
1020 ICC_Async_GetPLL_Divider(reader
); // calculate pll divider for target cardmhz.
1023 Fi
= atr_f_table
[FI
]; // get the frequency divider also called clock rate conversion factor
1024 if(crdr_ops
->set_baudrate
)
1026 reader
->current_baudrate
= DEFAULT_BAUDRATE
;
1031 if(reader
->protocol_type
!= ATR_PROTOCOL_TYPE_T14
) // dont switch for T14
1033 uint32_t baud_temp
= (double)D
* ICC_Async_GetClockRate(reader
->cardmhz
) / (double)Fi
;
1034 uint32_t baud_temp2
= (double)D
* ICC_Async_GetClockRate(reader
->mhz
) / (double)Fi
;
1035 rdr_log(reader
, "Setting baudrate to %d bps", baud_temp2
);
1036 // set_baudrate() increases/decreases baud_temp to baud_temp2 in case of over/underclocking
1037 call(crdr_ops
->set_baudrate(reader
, baud_temp
));
1038 reader
->current_baudrate
= baud_temp2
;
1042 if(reader
->cardmhz
> 2000 && reader
->typ
== R_INTERNAL
)
1044 F
= reader
->mhz
; // for PLL based internal readers
1048 if (reader
->typ
== R_SMART
|| is_smargo_reader(reader
))
1050 if (reader
->autospeed
== 1)
1052 uint32_t Fsmart
= atr_fs_table
[FI
];
1053 reader
->mhz
= Fsmart
/10000;
1054 if(reader
->mhz
>= 1600)
1058 else if(reader
->mhz
>= 1200)
1062 else if(reader
->mhz
>= 961)
1066 else if(reader
->mhz
>= 800)
1070 else if(reader
->mhz
>= 686)
1074 else if(reader
->mhz
>= 600)
1078 else if(reader
->mhz
>= 534)
1082 else if(reader
->mhz
>= 480)
1086 else if(reader
->mhz
>= 436)
1090 else if(reader
->mhz
>= 400)
1094 else if(reader
->mhz
>= 369)
1098 else if(reader
->mhz
>= 357)
1100 reader
->mhz
= 369; // 357 not suported by smartreader
1102 else if(reader
->mhz
>= 343)
1112 F
= reader
->mhz
; //all other readers
1114 reader
->worketu
= (double)((double)(1 / (double)D
) * ((double)Fi
/ (double)((double)F
/ 100)));
1115 rdr_log_dbg(reader
, D_ATR
, "Calculated work ETU is %.2f us reader mhz = %u", reader
->worketu
, reader
->mhz
);
1117 //set timings according to ATR
1118 reader
->read_timeout
= 0;
1119 reader
->block_delay
= 0;
1120 reader
->char_delay
= 0;
1122 switch(reader
->protocol_type
)
1124 case ATR_PROTOCOL_TYPE_T0
:
1125 case ATR_PROTOCOL_TYPE_T14
:
1127 /* Integer value WI = TC2, by default 10 */
1128 #ifndef PROTOCOL_T0_USE_DEFAULT_TIMINGS
1129 if(ATR_GetInterfaceByte(atr
, 2, ATR_INTERFACE_BYTE_TC
, &(wi
)) != ATR_OK
)
1133 WWT
= (uint32_t) 960 * D
* wi
; //in work ETU
1134 GT
= 2; // standard guardtime
1135 GT
+= 1; // start bit
1136 GT
+= 8; // databits
1137 GT
+= 1; // parity bit
1139 if(N
!= 255) //add extra Guard Time by ATR
1141 EGT
+= N
; // T0 protocol, if TC1 = 255 then dont add extra guardtime
1143 reader
->CWT
= 0; // T0 protocol doesnt have char waiting time (used to detect errors within 1 single block of data)
1144 reader
->BWT
= 0; // T0 protocol doesnt have block waiting time (used to detect unresponsive card, this is max time for starting a block answer)
1146 rdr_log_dbg(reader
, D_ATR
, "Protocol: T=%i, WWT=%u, Clockrate=%u", reader
->protocol_type
, WWT
, F
* 10000);
1147 reader
->read_timeout
= WWT
; // Work waiting time used in T0 (max time to signal unresponsive card!)
1148 reader
->char_delay
= GT
+ EGT
; // Character delay is used on T0
1149 rdr_log_dbg(reader
, D_ATR
, "Setting timings: timeout=%u ETU, block_delay=%u ETU, char_delay=%u ETU", reader
->read_timeout
, reader
->block_delay
, reader
->char_delay
);
1152 case ATR_PROTOCOL_TYPE_T1
:
1154 unsigned char ta
, tb
, tc
, cwi
, bwi
;
1157 if(ATR_GetInterfaceByte(atr
, 3, ATR_INTERFACE_BYTE_TA
, &ta
) == ATR_NOT_FOUND
)
1159 reader
->ifsc
= DEFAULT_IFSC
;
1161 else if((ta
!= 0x00) && (ta
!= 0xFF))
1167 reader
->ifsc
= DEFAULT_IFSC
;
1170 // FIXME workaround for Smargo until native mode works
1171 if(reader
->smargopatch
== 1)
1173 reader
->ifsc
= MIN(reader
->ifsc
, 28);
1176 // Towitoko and smartreaders dont allow IFSC > 251
1178 reader
->ifsc
= MIN(reader
->ifsc
, MAX_IFSC
);
1181 #ifndef PROTOCOL_T1_USE_DEFAULT_TIMINGS
1182 // Calculate CWI and BWI
1183 if(ATR_GetInterfaceByte(atr
, 3, ATR_INTERFACE_BYTE_TB
, &tb
) == ATR_NOT_FOUND
)
1188 #ifndef PROTOCOL_T1_USE_DEFAULT_TIMINGS
1197 // Set CWT = 11+(2^CWI) work etu
1198 reader
->CWT
= (uint16_t) 11 + (1 << cwi
); // in work ETU
1200 reader
->BWT
= (uint32_t) ((1<<bwi
) * 960 * 372 / (double)((double)F
/ 100) / (double) reader
->worketu
) + 11; // BWT in work ETU
1202 BGT
= 22L; // Block Guard Time in ETU used to interspace between block responses
1203 GT
= 2; // standard guardtime
1204 GT
+= 1; // start bit
1205 GT
+= 8; // databits
1206 GT
+= 1; // parity bit
1210 GT
-= 1; // special case, ATR says standard 2 etu guardtime is decreased by 1 (in ETU) EGT remains zero!
1214 EGT
+= N
; // ATR says add extra guardtime (in ETU)
1217 // Set the error detection code type
1218 if(ATR_GetInterfaceByte(atr
, 3, ATR_INTERFACE_BYTE_TC
, &tc
) == ATR_NOT_FOUND
)
1227 // Set initial send sequence (NS)
1230 rdr_log_dbg(reader
, D_ATR
, "Protocol: T=%i: IFSC=%d, CWT=%d etu, BWT=%d etu, BGT=%d etu, EDC=%s, N=%d", reader
->protocol_type
, reader
->ifsc
, reader
->CWT
, reader
->BWT
, BGT
, (edc
== EDC_LRC
) ? "LRC" : "CRC", N
);
1231 reader
->read_timeout
= reader
->BWT
;
1232 reader
->block_delay
= BGT
;
1233 reader
->char_delay
= GT
+ EGT
;
1234 rdr_log_dbg(reader
, D_ATR
, "Setting timings: reader timeout=%u ETU, block_delay=%u ETU, char_delay=%u ETU", reader
->read_timeout
, reader
->block_delay
, reader
->char_delay
);
1243 SetRightParity(reader
); // some reader devices need to get set the right parity
1245 uint32_t ETU
= Fi
/ D
;
1246 if(atr
->hbn
>= 6 && !memcmp(atr
->hb
, "IRDETO", 6) && reader
->protocol_type
== ATR_PROTOCOL_TYPE_T14
)
1249 reader
->worketu
*= 2; // overclocked T14 needs this otherwise high ecm reponses
1252 struct s_cardreader_settings s
=
1259 .Fi
= (uint16_t) Fi
,
1266 if(crdr_ops
->write_settings
)
1268 call(crdr_ops
->write_settings(reader
, &s
));
1272 if(reader->typ == R_INTERNAL)
1274 if(reader->cardmhz > 2000)
1276 rdr_log(reader, "PLL Reader: ATR Fsmax is %i MHz, clocking card to %.2f Mhz (nearest possible mhz specified reader->mhz)", atr_fs_table[FI] / 1000000, (float) reader->mhz / 100);
1280 rdr_log(reader, "ATR Fsmax is %i MHz, clocking card to %.2f (specified in reader->mhz)", atr_fs_table[FI] / 1000000, (float) reader->mhz / 100);
1285 if ((reader->typ == R_SMART) && (reader->autospeed == 1))
1287 rdr_log(reader, "ATR Fsmax is %i MHz, clocking card to ATR Fsmax for smartreader cardspeed of %.2f MHz (specified in reader->mhz)", atr_fs_table[FI] / 1000000, (float) reader->mhz / 100);
1291 rdr_log(reader, "ATR Fsmax is %i MHz, clocking card to wanted user cardclock of %.2f MHz (specified in reader->mhz)",atr_fs_table[FI] / 1000000, (float) reader->mhz / 100);
1296 //Communicate to T1 card IFSD -> we use same as IFSC
1297 if(reader
->protocol_type
== ATR_PROTOCOL_TYPE_T1
&& reader
->ifsc
!= DEFAULT_IFSC
&& !crdr_ops
->skip_setting_ifsc
)
1299 unsigned char rsp
[CTA_RES_LEN
];
1302 unsigned char tmp
[] = { 0x21, 0xC1, 0x01, 0x00, 0x00 };
1303 tmp
[3] = reader
->ifsc
; // Information Field size
1304 tmp
[4] = reader
->ifsc
^ 0xE1;
1305 ret
= Protocol_T1_Command(reader
, tmp
, sizeof(tmp
), rsp
, &lr
);
1308 rdr_log(reader
, "Warning: Card returned error on setting ifsd value to %d", reader
->ifsc
);
1312 rdr_log_dbg(reader
, D_ATR
, "Card responded ok for ifsd request of %d", reader
->ifsc
);
1318 static unsigned char PPS_GetPCK(unsigned char *block
, uint32_t length
)
1323 for(i
= 1; i
< length
; i
++)